<?php

/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5.1 build:20110304
*/

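// Start (or resume) the session before the project bootstrap runs.
session_start();
require_once('bin/qti_init.php');

// INITIALISE

// Language file for this page; the path prefix is whatever GetLang() returns.
// NOTE(review): GetLang() is defined elsewhere - confirm its return value can only be an
// installed language directory, because it is used here to build an include path.
include(GetLang().'qti_reg.php');

$oVIP->selfurl = 'qti_login.php';
$oVIP->selfname = $L['Login'];

// Optional username pre-fill (this page links back to itself with ?dfltname=... after a ban is lifted).
// Only a plain string is accepted: PHP turns "dfltname[]=x" into an array, which must not
// reach stripslashes()/QTconv().
$strName = '';
if ( isset($_GET['dfltname']) && is_string($_GET['dfltname']) )
{
  $strName = $_GET['dfltname'];
  // get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it still exists.
  if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $strName = stripslashes($strName);
  $strName = QTconv($strName,'U',false,false);
}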

// --------
// SUBMITTED for login
// --------

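// Login form submitted: validate the posted credentials, authenticate through $oVIP->Login(),
// then run the post-login checks (COPPA, ban, missing secret question) before the welcome message.
// NOTE(review): the code after each EndMessage() call only makes sense if EndMessage() ends
// the request - presumably it does; confirm in the class that defines it.
if ( isset($_POST['ok']) )
{
  // CHECK FORM VALUE
  // A missing or non-string field (e.g. "title[]=x") is treated as empty, so it fails validation
  // instead of raising notices or passing an array to the helpers.

  // get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it still exists.
  $bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  $strName = ( isset($_POST['title']) && is_string($_POST['title']) ) ? $_POST['title'] : '';
  if ( $bMagicQuotes ) $strName = stripslashes($strName);
  $strName = QTconv($strName,'U',false,false);
  if ( !QTislogin($strName) ) $error = $L['Username'].' '.$L['E_invalid'];

  $strPwd = ( isset($_POST['pwd']) && is_string($_POST['pwd']) ) ? $_POST['pwd'] : '';
  if ( $bMagicQuotes ) $strPwd = stripslashes($strPwd);
  $strPwd = QTconv($strPwd,'U',false,false);
  if ( !QTispassword($strPwd) ) $error = $L['Password'].' '.$L['E_invalid'];

  // Post-login target taken from the hidden "u" field (presumably the continue link or redirect
  // that EndMessage() renders). The field is client-controlled, so only a script in this
  // directory with a simple query string is accepted; anything carrying a scheme, host, path
  // separator, quote or line break is ignored and the default exit URL stays in place.
  // The login form on this page only ever sends qti_topics.php?s=N or qti_topic.php?t=N.
  if ( isset($_POST['u']) && is_string($_POST['u']) )
  {
    $strExit = strip_tags($_POST['u']);
    if ( preg_match('/\A[A-Za-z0-9_]+\.php(?:\?[A-Za-z0-9_=&;%.\-]*)?\z/',$strExit) ) $oVIP->exiturl = $strExit;
  }

  // EXECUTE

  if ( empty($error) )
  {

    $arrLog = $oVIP->Login($strName,$strPwd,isset($_POST['remember']));

    if ( $oVIP->auth )
    {
      // NOTE(review): no session id rotation is visible on this success path; confirm Login()
      // calls session_regenerate_id(), otherwise the pre-login session id stays valid after authentication.

      // The user id is concatenated into SQL below, so force it to an integer first.
      $intUserId = (int)$oVIP->id;

      // check registered if children and coppa active (0=Adult, 1=Kid agreed, 2=Kid not agreed)
      if ( QTI_USE_COPPA && isset($arrLog['coppa']) && $arrLog['coppa']==2 )
      {
        // Parental agreement missing: revoke the authentication that Login() just granted.
        $oVIP->auth=false;
        $_SESSION[QT.'_usr_auth']='no';
        $oVIP->exitname = ObjTrans('index','i',$_SESSION[QT]['index_name']);
        $oVIP->EndMessage(NULL,'<h2>'.$L['Welcome'].' '.$strName.'</h2>'.$L['E_access'].'<br />'.$L['E_coppa_confirm'],$_SESSION[QT]['skin_dir'],0,'350px','login_header','login');
      }

      // check banned
      if ( $arrLog['closed']>0 )
      {
        // protection against hacking of admin/moderator
        // NOTE(review): the numpost==0 clause also lifts the ban for any account that has never
        // posted; confirm that this is intended.
        if ( $oVIP->id<2 || $oVIP->IsStaff() || $oVIP->numpost==0 )
        {
        $oDB->Query('UPDATE '.TABUSER.' SET closed="0" WHERE id='.$intUserId);
        $oVIP->exiturl = 'qti_login.php?dfltname='.$strName;
        $oVIP->exitname = $L['Login'];
        $oVIP->EndMessage(NULL,'<p>You were banned...<br />As you are admin/moderator or a new member (without post), the protection system has re-opened your account.<br />Re-try login now...</p>',$_SESSION[QT]['skin_dir'],0);
        }
        // normal process
        // Ban length in days by "closed" level: 2 => 10, 3 => 20, 4 => 30, any other value => 1.
        $intDays = 1;
        if ( $arrLog['closed']==2 ) $intDays = 10;
        if ( $arrLog['closed']==3 ) $intDays = 20;
        if ( $arrLog['closed']==4 ) $intDays = 30;
        $oDB->Query( 'SELECT lastdate FROM '.TABUSER.' WHERE id='.$intUserId);
        $row = $oDB->Getrow();
        // A lastdate of '0' is replaced by a date far in the past, so the ban counts as expired.
        if ( $row['lastdate']=='0' ) $row['lastdate']='20000101';
        $endban = DateAdd($row['lastdate'],$intDays,'day');
        if ( date('Ymd')>$endban )
        {
          // Ban period is over: re-open the account and ask the user to log in again.
          $oDB->Query('UPDATE '.TABUSER.' SET closed="0" WHERE id='.$intUserId);
          $oVIP->exiturl = 'qti_login.php?dfltname='.$strName;
          $oVIP->exitname = $L['Login'];
          $oVIP->EndMessage(NULL,'<p>'.$L['Is_banned_nomore'].'</p>',$_SESSION[QT]['skin_dir'],0,'350px','login_header','login');
        }
        else
        {
          // Still banned: revoke the authentication that Login() just granted.
          $oVIP->auth=false;
          $_SESSION[QT.'_usr_auth']='no';
          $oVIP->EndMessage(NULL,"<h2>$strName ".strtolower($L['Is_banned'])."</h2><p>{$L['E_access']}</p><p>{$L['Retry_tomorrow']}</p>",$_SESSION[QT]['skin_dir'],0,'350px','login_header','login');
        }
      }


      // upgrade profile
      // Accounts without a secret answer are sent to the secret-question page first.

      $oDB->Query('SELECT secret_a FROM '.TABUSER.' WHERE id='.$intUserId);
      $row = $oDB->Getrow();
      if ( empty($row['secret_a']) )
      {
      $oVIP->exiturl = 'qti_user_question.php?id='.$intUserId;
      $oVIP->exitname = $L['Secret_question'];
      $oVIP->EndMessage(NULL,'<h2>'.$L['Welcome'].' '.$strName.'</h2><p>'.$L['Update_secret_question'].'</p>',$_SESSION[QT]['skin_dir'],0,'400px','login_header','login');
      }

      // end message
      // NOTE(review): $strName is placed in the HTML of these messages after QTconv()/QTislogin()
      // only; confirm those helpers leave nothing that needs HTML escaping.

      $oVIP->exitname = ObjTrans('index','i',$_SESSION[QT]['index_name']);
      $oVIP->EndMessage(NULL,'<h2>'.$L['Welcome'].' '.$strName.'</h2><br /><br />',$_SESSION[QT]['skin_dir'],2,'350px','login_header','login');
    }
    else
    {
      // Same generic message whatever the cause of the failed login.
      $error = $L['E_access'];
    }

  }

}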

// --------
// SUBMITTED for logout
// --------

// Logout request (?a=out): end the login, call GetParam(true) and show the goodbye message.
// NOTE(review): the logout is triggered by a plain GET parameter; no anti-CSRF token is checked
// in this file, so any page able to make the browser fetch this URL can log the user out.
if ( isset($_GET['a']) && $_GET['a']=='out' )
{
  // LOGGING OUT
  $oVIP->Logout();

  // REBOOT (project helper; presumably reloads the application settings into the session)
  GetParam(true);

  // check major parameters: fall back to the defaults when a value is missing or empty
  // (empty() is also true when the key is not set)
  if ( empty($_SESSION[QT]['skin_dir']) ) $_SESSION[QT]['skin_dir'] = 'skin/default';
  if ( empty($_SESSION[QT]['language']) ) $_SESSION[QT]['language'] = 'english';

  // the skin directory is always expressed below "skin/"
  if ( substr($_SESSION[QT]['skin_dir'],0,5)!='skin/' )
  {
    $_SESSION[QT]['skin_dir'] = 'skin/'.$_SESSION[QT]['skin_dir'];
  }

  $oVIP->selfurl = 'qti_login.php?a=out';
  $oVIP->selfname = $L['Logout'];
  $oVIP->exitname = ObjTrans('index','i',$_SESSION[QT]['index_name']);
  $oVIP->EndMessage(NULL,'<p>'.$L['Goodbye'].'</p>', $_SESSION[QT]['skin_dir'],2,'350px','login_header','login');
}

// --------
// HTML START
// --------

// Page header template, followed by the client-side "required field" check for the login form.
include('qti_p_header.php');

// The alert texts are built from the language strings in $L only; no request data is written
// into this script block. The check is a convenience: the server validates the fields again.
echo '
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Username'].'")); return false; }
  if (theForm.pwd.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Password'].'")); return false; }
  return null;
}
-->
</script>
';

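// Login box: $oHtml->Msgbox() is called before and after the form (project helper; presumably
// it opens and then closes the surrounding box).
$oHtml->Msgbox($oVIP->selfname,array('style'=>'width:350px'),array('id'=>'login_header'),array('id'=>'login'));

// Hidden "u" field: the page to continue to after login. The id is forced to an integer,
// so no request text is copied into the markup here.
$str='';
if ( isset($_GET['s']) ) $str = '<input type="hidden" id="u" name="u" value="qti_topics.php?s='.intval($_GET['s']).'">';
if ( isset($_GET['t']) ) $str = '<input type="hidden" id="u" name="u" value="qti_topic.php?t='.intval($_GET['t']).'">';

// $strName can come straight from ?dfltname=... with only QTconv() applied, and it is written
// into a double-quoted attribute below. Neutralise the characters that could close the attribute
// or open a tag at the point of output. '&' is left untouched so that entities QTconv() may
// already have produced are not encoded a second time, and no charset assumption is needed.
$strNameAttr = str_replace(array('"','<','>'),array('&quot;','&lt;','&gt;'),$strName);

// $error is only ever built from language strings in this script.
if ( !empty($error) ) echo '<span class="error">',$error,'</span>&nbsp;';
echo '<form method="post" action="',Href(),'" onsubmit="return ValidateForm(this);">
<p style="text-align:right"><label for="title">',$L['Username'],'</label>&nbsp;<input type="text" id="title" name="title" size="20" maxlength="24" value="',$strNameAttr,'" />&nbsp;</p>
<p style="text-align:right"><label for="pwd">',$L['Password'],'</label>&nbsp;<input type="password" id="pwd" name="pwd" size="20" maxlength="24" onkeyup="qtKeypress(event,\'ok\')" />&nbsp;</p>
<p style="text-align:right"><input type="checkbox" id="remember" name="remember" />&nbsp;<label for="remember">',$L['Remember'],'</label>&nbsp;&nbsp;
',$str,'<input type="submit" id="ok" name="ok" value="',$L['Ok'],'" />&nbsp;</p>
<p style="text-align:right"><a class="small" href="',Href('qti_user_new.php'),'">',$L['Register'],'</a> &middot; <a class="small" href="',Href('qti_reset_pwd.php'),'?a=id">',$L['Forgotten_pwd'],'</a>&nbsp;</p>
</form>';

$oHtml->Msgbox();

// HTML END

// Script assigned for the footer template (presumably emitted by qti_p_footer.php): focus the
// username field, or the password field when a username longer than one character is pre-filled.
$strFooterAddScript = '
<script type="text/javascript">
<!--
document.getElementById("title").focus();
if ( document.getElementById("title").value.length>1 ) { document.getElementById("pwd").focus(); }
-->
</script>
';

include('qti_p_footer.php');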